Accidents happen to everyone but according to a recent report, this one is a pretty big one. Apparently, some of the confidential data related to the US military project was simply left completely unprotected on a server belonging to Amazon. The data included over 60,000 files with some of the very sensitive info publicly accessible and not even protected with a password.
That is almost 28GB of confidential data which a contractor from Booz Allen Hamilton (BAH) had left unguarded. BAH is one of the top defense contractors that’s been working for the US and was long considered to be among the best and most profitable spy operations in the world.
Among the data that was left exposed are also the unencrypted passwords belonging to contractors who were granted with the Top-Secret Facility Clearance. If misused, the credentials might lead to a lot of sensitive data leak. The leaked files also mention NGA (National Geospatial-Intelligence Agency), which is a US agency working as Pentagon’s ‘mapmakers.’
BAH has received an $86 million for one of the defense contract projects and it supposedly involved getting and analyzing the data related to geospatial research. This is the data that was collected with the help of drones and satellites. It’s known that the NGA has worked with CIA on many occasions, as well as DIA (Defense Intelligence Agency), and NRO (National Reconnaissance Office).
The server on which the files were left was discovered a week ago by Chris Vickery, UpGuard‘s cyber risk analyst. The server in question mostly contained files that are public, so finding this must have been quite a shock. Especially since the servers used by the US government are always kept on the separate space, which is known as GovCloud. GovCloud is also protected heavily, by both physical and digital security protocols.
Recently discovered data leakage situation report is being written up. Two relevant words: t*p s*cr*t.
Report will likely post Wednesday. pic.twitter.com/dyADMevFEJ
— Chris Vickery (@VickerySec) May 28, 2017
The NGA confirmed the existence of this data. However, they’ve called the data unclassified, but still sensitive. This potential disclosure was taken very seriously, and the affected credentials were immediately revoked, as the NGA claims. Apparently, none of the classified info got out, which was a lucky coincidence.
Unfortunately, this wasn’t an isolated incident, but rather the last in the series of the unsecured server incidents that are giving away sensitive data. Another incident from earlier in this very year involved a backup drive that wasn’t protected even by a password. With such poor security, it’s not a surprise that the sensitive info related to the US Air Force members has leaked.
BAH has stated that the files left unprotected are now secured and that the complete investigation is being carried out. So far, they claim to have found no evidence of any classified data being compromised. This organization was once the employer of the NSA whistleblower Edward Snowden. Snowden, as you probably know by now, has copied and publicly released a lot of the classified information without any authorization.
BAH was supposedly also hacked by Anonymous, back in 2011. During the hack, over 90,000 emails were said to be stolen, as well as login information for several of the personnel that’s working for multiple military-related government organizations.
DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.